The hottest trends in technology also represent some of the gravest threats to corporate data security.

Mobile devices, social networking and cloud computing are opening up new avenues for both cyber criminals and competitors to access critical business information, according to speakers at this week's RSA Conference 2011 at San Francisco's Moscone Center and a survey set for release this morning.

The poll of 10,000 security professionals, by Mountain View market research firm Frost & Sullivan, also concluded that corporate technology staffs are frequently ill prepared to deal with many of the new threats presented by these emerging technologies.

"The professionals are really struggling to keep up," said Rob Ayoub, global program director for information security research at Frost & Sullivan.

Mobile: Mobile devices ranked near the top of their security concerns, coming in second behind applications, such as internally developed software and Internet browsers.

Businesses face a number of threats from the increasingly common use of smart phones and tablets by their workers, including malicious software that attacks the operating systems, or the simple loss or theft of devices often laden with corporate information.

Juniper Networks, a sponsor of the RSA conference, presented some eye-catching - if also self-serving - statistics during a session titled "Defend Your Mobile Life."

Mark Bauhaus, an executive vice president at Juniper, said that 98 percent of mobile devices like smart phones and tablets aren't protected with any security software, and that few users set up a password. That's troublesome, he said, given that:

-- 2 million people in the United States either lost or had their phones stolen last year;

-- 40 percent of people use their smart phone for both personal and business use;

-- 80 percent access their employer's network over these devices without permission.

Bauhaus stressed the need to adopt mobile applications and online services - which Juniper not coincidentally provides - that remotely turn off and wipe gadgets, blacklist spammers, detect and remove viruses, and ensure that devices are safe before connecting to corporate networks.

Hackers have already tried to exploit the popularity of mobile applications by writing Trojan Horses, malicious programs that appear to be helpful apps in online markets, said two researchers from Lookout Mobile Security of San Francisco in a separate session.

Once users install the app, however, it can disable the phone, force it to execute commands or snatch information.

Since late December, two Trojans have been identified on Android phones that represented significant leaps in technological sophistication, said Kevin Mahaffey, chief technology officer of Lookout, which also develops mobile security services.

Known as Geinimi and HongTouTou, both are examples of malicious software inserted into otherwise familiar and legitimate apps.

"We're nowhere near the level of sophistication you see in desktop malware, but it's definitely a step up from what we've seen to date," Mahaffey said.

Cloud: A Wednesday morning session titled "Cloud Computing: A Brave New World for Security and Privacy," highlighted the considerations that businesses should bear in mind before using such a system, in which data are stored on remote server farms rather than ensconced behind a company's own walls.

Placing corporate e-mails, human resource information or credit card numbers outside the company's physical domain raises a number of legal, privacy and security issues, according to the panel.

Hackers go after cloud providers for the same reason that criminals rob banks, said Eran Freigenbaum, director of security for Google Apps.

"Cloud providers are going to get attacked and get attacked, because that's where the data is," he said.

The measure of a cloud service, like those provided by Google, Amazon.com or Salesforce.com, are how they hold up against such assaults and respond to exposed vulnerabilities, he said.

Freigenbaum argued that cloud providers generally offer a higher level of security than corporate firewalls because they built their systems from scratch with the specific quirks of the Internet in mind.

But not everyone agrees. When the audience, largely made up of security professionals, was asked whether they could provide better protection in house, the overwhelming majority raised their hands.

Tanya Forsheit, founding partner at InfoLaw Group LLP, stressed that the legal culpability for data breaches largely falls on the owner of the data, not the cloud provider.

Forsheit, who represents customers considering shifting information or applications to the cloud, said they must strongly consider what information they can and can't afford to put online.

They must also negotiate hard for shared liability and greater transparency of security performance.

"You need to start asking questions before you even think about this as a business decision," she said. "Get everyone in the room."

Businesses also need to create and enforce clear policies within the corporation, said Archie Reed, chief technologist for cloud security at Hewlett-Packard Co.

He cited an instance of a marketing department at a Canadian bank that took it upon itself to place customer information in Salesforce.com, without the knowledge of the IT or legal departments. In the process, it might have broken laws concerning transferring data across country lines, he said.

"You need to have a sense of urgency about that, because many in the company do not understand the importance of that data," Reed said.

Social media: The security pitfalls of social media were on display during a conference session on Tuesday.

Abhilash Sonwane, an executive at security firm Cyberoam, shared the results of his company's research involving a random sample of 20 companies whose employees are active on social networks.

"The information I found was scary," Sonwane said, "and it was entertaining as well."

By analyzing LinkedIn profiles and monitoring the information feeds from Facebook and Twitter accounts, Cyberoam was able to uncover things such as the companies' hierarchy, decision makers, employee morale, intellectual property and financial health, all of which could be useful to competitors.

In one example, Sonwane said, the LinkedIn profile and Twitter feed of an executive at a big retail chain indicated financial problems at the company. Two months after the accounts were monitored, the company filed for Chapter 11.

"Information that was impossible to find two or three years ago now can be searched in just a couple of minutes by looking at the social media profile of the company and its employees," he said to the audience.